lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Mon, 12 May 2014 03:13:52 -0700
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	Duan Jiong <duanj.fnst@...fujitsu.com>,
	David Miller <davem@...emloft.net>
Cc:	netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH] ipv6: update Destination Cache entries when gateway turn
 into host

On Sun, May 11, 2014, at 20:07, Duan Jiong wrote:
> 于 2014年05月12日 08:54, Hannes Frederic Sowa 写道:
> > On Thu, May 8, 2014, at 20:24, Duan Jiong wrote:
> >>
> >> RFC 4861 states in 7.2.5:
> >>
> >> 	The IsRouter flag in the cache entry MUST be set based on the
> >>          Router flag in the received advertisement.  In those cases
> >>          where the IsRouter flag changes from TRUE to FALSE as a result
> >>          of this update, the node MUST remove that router from the
> >>          Default Router List and update the Destination Cache entries
> >>          for all destinations using that neighbor as a router as
> >>          specified in Section 7.3.3.  This is needed to detect when a
> >>          node that is used as a router stops forwarding packets due to
> >>          being configured as a host.
> >>
> >> Currently, when dealing with NA Message which IsRouter flag changes from
> >> TRUE to FALSE, the kernel only removes router from the Default Router List,
> >> and don't update the Destination Cache entries.
> >>
> >> Now in order to update those Destination Cache entries, i introduce
> >> function rt6_clean_tohost().
> >>
> >> [...]
> >>
> >> +/*remove routers and update dst entries when gateway turn into host.*/
> >> +static int fib6_clean_tohost(struct rt6_info *rt, void *arg)
> >> +{
> >> +	struct in6_addr *gateway = (struct in6_addr *)arg;
> >> +
> >> +	if (((rt->rt6i_flags & (RTF_ADDRCONF | RTF_DEFAULT | RTF_GATEWAY))
> >> +	    == (RTF_ADDRCONF | RTF_DEFAULT | RTF_GATEWAY))
> >> +	    && ipv6_addr_equal(gateway, &rt->rt6i_gateway)) {
> >> +		return -1;
> >> +	} else if (((rt->rt6i_flags & (RTF_GATEWAY | RTF_CACHE))
> >> +		      == (RTF_GATEWAY | RTF_CACHE))
> >> +		    && ipv6_addr_equal(gateway, &rt->rt6i_gateway)) {
> >> +		rt->rt6i_flags |= RTF_REJECT;
> >> +		rt->dst.error = -ENETUNREACH;
> >> +	}
> >> +	return 0;
> >> +}
> > 
> > I am not so happy with that but have not tried that.
> > 
> > The Destination Cache you quote from the RFC (if you follow 7.3.3.) actually refers to the neighbouring
> > subsystem, where we would need to generate subsequent errors in case we try to forward a packet
> > through a this particular router.
> > 
> > The reason why I am not that happy is, that the semantics when neighbour nodes are cleared is well
> > defined but we don't have that semantics when those rt6_nodes get cleared up. E.g. consider a router which just temporarily switches forwarding off and on.
> > 
> > I guess we need to inspect NTF_ROUTER flag in the output path somehow. :/
> 
> Why we need to inspect NTF_ROUTER flag?
> In my opinion, the problem is that we can't use the neighbour node as next hop.

I agree. I don't see a problem with returning -1 from the function but with the case
where you originate errors from the routing table by setting rt->dst.error. These
entries have a lifetime governed by the gc.

Greetings,

  Hannes
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists